From fb855ada9f2ee20f3b8773a4e53a2729973594e5 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen <sven.vermeulen@siphos.be>
Date: Thu, 5 Apr 2012 18:20:49 +0200
Subject: Adding info on sandbox issue

---
 xml/selinux/hb-using-install.xml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'xml')

diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml
index a2bf934..ae3ce92 100644
--- a/xml/selinux/hb-using-install.xml
+++ b/xml/selinux/hb-using-install.xml
@@ -7,8 +7,8 @@
 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.4 2011/06/07 19:46:52 klondike Exp $ -->
 
 <sections>
-<version>17</version>
-<date>2012-01-29</date>
+<version>18</version>
+<date>2012-04-05</date>
 
 <section>
 <title>Installing Gentoo (Hardened)</title>
@@ -272,6 +272,10 @@ tools or configurations that apply.
 </p>
 
 <ul>
+  <!-- 
+  TODO When 2.20120215-r5 or higher is stabilized, the LVM change is not needed
+  anymore 
+  -->
   <li>
     If you use LVM for one or more file systems, you need to edit
     <path>/lib/rcscripts/addons/lvm-start.sh</path> (or <path>/lib64/..</path>)
@@ -288,6 +292,16 @@ tools or configurations that apply.
     which mess up the file labelling. For instance, <c>cp /bin/hostname 
     /bin/hostname.old</c>.
   </li>
+  <!--
+  TODO When the fix is accepted in the portage code and that portage version is
+  stabilized, the change is not needed anymore.
+  -->
+  <li>
+    Edit <path>/etc/sandbox.conf</path> and add in
+    <path>/sys/fs/selinux/context</path> to the <c>SANDBOX_WRITE</c> parameter.
+    This is currently needed to work around bug <uri 
+    link="https://bugs.gentoo.org/410687">410687</uri>.
+  </li>
 </ul>
 
 </body>
-- 
cgit v1.2.3-65-gdbad